Patrick’s development blog

Encrypt chat conversations in Pidgin using pidgin-otr

Posted in Articles, Security by Patrick on March 17, 2009

Pidgin is an excellent “chat client” or instant messaging client. I’ve even replaced the MSN client on my Windows system with Pidgin. It’s open source and has support for many different chat networks like MSN, ICQ…

There’s a plugin called pidgin-otr (Off-the-Record messaging) which allows you to encrypt your conversations (assuming the other part also has pidgin-otr installed). Regretfully, people never seems to care about encryption even if they seem to get close to crazy if someone invades their privacy, quite the paradox… Well that’s just another story which i’m not going to post here, as i’m just spreading the word about everything that’s good : )

The Off-the-Record messaging plugin uses public and private keys. It’s very easy to use. Just download the plugin, activate it in the Pidgin add-on menu and generate a key. In the conversation window, a button will appear that makes it easy to toggle encryption on/off.

Download Pidgin from: http://www.pidgin.im/download/
Download Pidgin-otr from: http://www.cypherpunks.ca/otr/index.php#downloads

Encrypting mail in Thunderbird using GnuPG and Enigmail

Posted in Articles, Security by Patrick on March 17, 2009

Thunderbird is a mail user agent developed by Mozilla. GnuPG is an encryption program (free software) that uses the standard OpenPGP. This standard is based on encryption using a private and public key. The private key is used to decrypt the data while the public key is used to encrypt the data.

The Thunderbird add-on Enigmail, provides an “back-end” interface to GnuPG so the user can use Thunderbird to encrypt/decrypt mail. After installing Enigmail, generate a keypair. This will create a public and private key for the current account. The public key is meant to be distributed so other people can send mail encrypted to you. The private key however, is important NOT to distribute. Since it is used to encrypt the messages sent to you with your public key. The public key is usually uploaded to a keyserver.

It’s possible to search for public keys on the keyservers and add public keys into a local list and configure Thunderbird to encrypt all messages by default (supposing the public key to the person in question is added into your key list). Both Thunderbird, GnuPG and Enigmail, are very useful indeed : )

For more information about GnuPG and Enigmail:
http://www.gnupg.org/
http://enigmail.mozdev.org/home/index.php